The F*CKWIT Intel chip flaw. Ready yourself for patches

If your computer has an Intel CPU released in recent years (it probably does) then there’s some big news on the security front.

As The Register reports, a newly-discovered design flaw has been found on Intel CPU hardware that could allow malicious code to access information supposedly held in “protected” areas of your computer’s memory.

Precise details of the security vulnerability - which is known variously as KPTI (Kernel Page Table Isolation), KAISER (Kernel Address Isolation to have Side-channels Efficiently Removed) and even F*CKWIT (Forcefully Unmap Complete Kernel With Interrupt Trampolines) - have not been made public, and with good reason.

The very real fear is that attackers could exploit the flaw on vulnerable systems to gain access to parts of the computer’s memory which may be storing sensitive information. Think passwords, private keys, credit card data…

Intel isn’t able to push out a firmware update to its chip. That means operating systems like Microsoft Windows, Linux, and Apple macOS, which relied upon Intel’s hardware to provide some of these essential security services, will have to push out their own low-level updates to do the job that they were previously relying upon Intel to do.

Meanwhile cloud services like Amazon EC2, Microsoft Azure, and Google Compute Engine are also likely to be at risk and will need to be updated.

The good news is that it sounds as if this flaw has been known about (but kept quiet) for a couple of months, and major vendors have been working feverishly on fixes. You can expect the likes of Microsoft and Apple to start rolling out security updates as a matter of priority before the flaw is maliciously exploited.

The bad news is that no-one likes to make such low-level security updates, particularly under such time-sensitive conditions. Inevitably some businesses will find themselves disrupted by the process.

And going forward, the fact that the operating system has to do more because Intel chips have dropped the ball may mean that some computer operations take a performance hit.

About the author, Graham Cluley

Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy.

7 Responses

If the OS must be patched to cover for Intel chip flaws, presumably those with AMD chips will also suffer the slowdown, even though their chip doesn’t suffer from the flaw, or can the patched OS discriminate?

A mate from Sweden shared this with me many hours ago. Yes I fear it will take a performance hit. It’ll also hit pockets too. Although this box which I built in 2014 (Intel i7 4790k, fourth gen) will probably be okay the other two computers in the house are quite a bit older - 2008 and 2009. Those will have to be upgraded.

But of course Intel first has to introduce new CPUs to fix it (and their CPUs are expensive - you do get what you pay for however). And of course we have to consider new motherboards (different chipset etc.) and RAM and so on. Not nice. Unimpressed to say the least. Yet as a programmer I realise that we all make mistakes and I certainly won’t blame them or criticise them. But it’s still very frustrating.

Intel’s performance is higher than AMD but the question is will systems not upgraded be higher performance? But there’s another issue: will Intel’s reputation be tainted? Quite possibly. This raises the question of whether or not this is what AMD has been needing for aeons. Time will tell, as it tells everything…

Whether or not it’s vulnerable isn’t really relevant: it’ll come with the kernel updates (I should say: came with as I updated more than 11 days ago now). And I didn’t have any performance hit on any system, which wasn’t what I was expecting at all but was very thankful for.

In the end it’s not a matter of what hardware is vulnerable; what matters is the actual software that works around the flaw because everyone getting updates will get that.
